The secure side of eyeo

At eyeo, protecting your data and earning your trust is our top priority. We embed security into everything we do—from building software to training our people—while staying transparent, resilient, and committed to continuous improvement for customers, partners, and researchers alike.

Security isn’t just a feature - it’s a foundation

Our approach is built around:

Security by design

Security is baked into every phase of development and deployment.

Proactive defense

We use automation, monitoring, and layered protection.

Transparency

We prioritize clear policies and open communication with stakeholders.

Our efforts in securing ourselves and our partners

We approach security holistically, protecting not only our own infrastructure but also ensuring that our partners and clients benefit from a secure digital ecosystem.

Application security

All of our applications are developed with security in mind. We follow security best practices across our engineering teams, including:

  • Code analysis and in-house security reviews to ensure early detection of vulnerabilities
  • Automated dependency scanning to detect known threats in open-source packages
  • Least privilege principles for access to services and data

Infrastructure security

Our infrastructure is hardened using best practices from cloud-native security:

  • Data encryption both in transit and at rest, using industry-standard algorithms and practices
  • Firewalls, VPCs, and access controls to segment and isolate critical components
  • Real-time threat detection systems to identify anomalies

Security awareness training and attack simulations

We cultivate a security-first culture with ongoing education and real-world testing:

  • Mandatory security training for all employees during onboarding and at regular intervals
  • Context-aware phishing simulations to raise awareness and reduce risks

Security policies and governance

Our security strategy is guided by a comprehensive framework of internal policies that govern how we protect data, manage systems, and empower our teams. These policies ensure that security is not only reactive but proactively embedded into every layer of our operations. They are regularly reviewed and updated, so we stay ahead of evolving threats and industry standards.

Below are examples of key security policies currently in effect at eyeo:

  • Acceptable Use of Assets Policy
  • Access Control Policy
  • Cloud Security Policy
  • Cryptography Policy
  • Information Classification, Labeling and Handling Policy
  • Information Security Awareness Policy
  • Incident Management Process

These policies form the foundation of our security governance model, driving consistency, accountability, and resilience across all teams and technologies.

Vulnerability Disclosure Policy

We encourage responsible security research and are committed to working with the community to improve our platform. If you believe you’ve discovered a vulnerability, we want to hear from you.

Reporting a vulnerability

If you believe you’ve found a security issue, please email us at security@eyeo.com with details of the issue, including:

  • Description of the vulnerability, including scope and potential impact
  • Steps to reproduce
  • Supporting artifacts (logs, screenshots, etc.)

Scope

We welcome reports related to:

  • eyeo.com and associated subdomains, excluding services not managed by eyeo
  • adblockplus.org and associated subdomains, excluding services not managed by eyeo
  • blockthrough.com and associated subdomains, excluding services not managed by eyeo
  • Our public APIs and mobile applications
  • Third-party services officially maintained by eyeo

Out of scope

  • Denial-of-service attacks (DoS, DDoS)
  • Social engineering or phishing against staff of eyeo and subsidiaries
  • Physical security of eyeo offices or infrastructure
  • Third-party services not maintained or owned by eyeo

Safe harbor

We support coordinated disclosure and will not pursue legal action against researchers acting in good faith under this policy. You are expected to:

  • Avoid privacy violations and service disruption.
  • Provide us reasonable time to remediate.
  • Respect data integrity and confidentiality.

Acknowledgement and recognition

While we do not run a formal bug bounty program, we may offer recognition or rewards for critical, valid findings on a per-case basis. Monetary compensation is discretionary and not guaranteed.